Sunday, March 21, 2010

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Event ID: 1058

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=,DC=. The file must be present at the location <\\DOMAIN.EXT\sysvol\DOMAIN.EXT\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

These event log are driving me crazy for last 2hrs, finally I got the solution.

First of all what is this CN={31B2F340-016D-11D2-945F-00C04FB984F9}?
{31B2F340-016D-11D2-945F-00C04FB984F9} is default domain policy
(http://support.microsoft.com/kb/216359)

Solution

Try accessing the following location while logged on to the server which is
having the problem Vs the server which is not seeing the problem.

On the server which is seeing the errors and we are not able to access the
following share, please ping the domain and see which domain controller is
responding and see if we are able to access that DC doing a \\dcname

If accessing
\\DOMAIN.EXT\sysvol\DOMAIN.EXT\Policies\ {31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
fails, please try accessing the same file going to the \\DOMAIN.EXT
and then locating the file.

Also check SYSVOL permission settings as described in MS KB 290647 (http://support.microsoft.com/kb/290647)

If all of these are successful and we are still seeing the error message.
Then, there should be a problem with the DFS cache as it didn't get pruged on
the client.

to purge the cache, please use the resource kit utility DFSUTIL

Go to command prompt and run these commands

C:\>dfsutil /purgemupcache
C:\>gpupdate /force

Now check event viewer , You should have event log 1704

Security policy in the Group policy objects has been applied successfully.